SlideShare ist ein Scribd-Unternehmen logo

Fuller.david

Als PPTX, PDF herunterladen
N
NASAPMC
TechnologieBildung
1 von 20
National Aeronautics and Space Administration How Complex Systems Fail David Fuller NASA Glenn Research Center www.nasa.gov 1
National Aeronautics and Space Administration How Complex Systems Fail A Short Treatise by Richard Cook, MD • Written by Richard Cook, MD, Director of the Cognitive Technologies Laboratory at the University of Chicago • http://www.ctlab.org/documents/How%20Complex%2 0Systems%20Fail.pdf • 18 short paragraphs on complex systems that will help every project manager understand and reduce risk in their project www.nasa.gov 2
National Aeronautics and Space Administration 1. Complex Systems are Intrinsically Hazardous Systems • Complex systems are found in transportation, healthcare, power generation, and space. • Because they are complex, they are inherently and unavoidably hazardous. • The defenses that are created against these hazards characterize these systems. www.nasa.gov 3
National Aeronautics and Space Administration 2. Complex Systems are Heavily and Successfully Defended Against Failure • Multiple layers of defense against hazards in: – Machine – Human – Organizational – Institutional – Regulatory • These defenses keep operations away from accidents www.nasa.gov 4
National Aeronautics and Space Administration 3. Catastrophe Requires Multiple Failures • Defenses are generally successful. • Catastrophic failures occur when small or disconnected failures come together. • Most initial failure trajectories are blocked by the systems safety components. • Trajectories that reach operational level are blocked by humans operating the system. www.nasa.gov 5
National Aeronautics and Space Administration 4. Complex Systems Contain Changing Mixtures of Latent Failures • Multiple flaws are always present. • Individual flaws are considered minor factors because they are insufficient individually to cause failure. • Eradication of latent failures is limited by economic cost. • Difficult to foresee how these minor flaws might contribute to accidents. • Failures change constantly: – Changing technology – Changing work organization – Changing efforts to eradicate failures. www.nasa.gov 6
National Aeronautics and Space Administration 5. Complex Systems Run in Degraded Mode • Complex systems run as broken systems. • Continues to function because it contains many redundancies. • Human operators learn to make it function. • System operations are dynamic: – Organization changes – Human behavior changes – Technology changes. www.nasa.gov 7
National Aeronautics and Space Administration 6. Catastrophe is Always Just Around the Corner • Human operators are in close physical and temporal proximity to these potential failures. • Failure can occur at any time and any place. • It is impossible to eliminate this potential. • Potential for disaster is always present by the systems own nature. www.nasa.gov 8
National Aeronautics and Space Administration 7. Post-Accident Attribution to a “Root Cause” is Fundamentally Wrong • There is never an isolated cause of an accident. • Many individual causes that join together to cause accidents. • Causes are many times not coupled. • Evaluations based on finding the “root cause” show a misunderstanding of the nature of accidents. • Insistence on a “root cause” reflects the social and cultural need to blame specific, localized forces for accidents. www.nasa.gov 9
National Aeronautics and Space Administration 8. Hindsight Biases Post-Accident Assessments of Human Performance • Knowledge of the outcome makes the investigator unable to understand the human factors present at the time of accident. • Knowledge of the outcome poisons the ability of the investigator to recreate the views of the humans involved. • Hindsight bias remains the primary obstacle to accident investigation, especially when expert human performance is involved. www.nasa.gov 10
National Aeronautics and Space Administration 9. Human Operators have Dual Roles: Producers and Defenders Against Failure • Operators work to produce the desired product and also work to forestall accidents. • Operators balance production against safety in a dynamic environment. • In times of no accidents, production is emphasized. • After accidents, the defensive role is emphasized. www.nasa.gov 11
National Aeronautics and Space Administration 10. All Practitioner Actions are Gambles • All decisions are made in the face of uncertainty. • The degree of uncertainty changes from moment to moment. • The “gamble” appears clear after accidents (see 8 above). • Post hoc analysis of accidents regards these gambles as poor ones. • Successful outcomes are also the result of gambles, but are seen in a much more favorable light. www.nasa.gov 12
National Aeronautics and Space Administration 11. Actions at the Sharp End Resolve All Ambiguity • Organizations are ambiguous about the relationship between: – Production – Efficient use of resources – Economy/costs of operations – Acceptable risk • All of this ambiguity is resolved moment by moment by the operators. www.nasa.gov 13
National Aeronautics and Space Administration 12. Human Practitioners are the Adaptable Element of Complex Systems • Operators actively adapt the system to maximize production and minimize accidents. • These adaptations include: – Restructuring the system to reduce exposure of vulnerable parts to failure – Concentrating critical resources in areas of high demand – Providing pathways for retreat or recovery from faults – Establishing means for early detection of changed system performance. www.nasa.gov 14
National Aeronautics and Space Administration 13. Human expertise in Complex Systems is Constantly Changing • Expertise changes as technology changes. • Experts are replaced (turnover). • Operators are being trained and skills refined. • The cognitive abilities of humans are variable from moment to moment. www.nasa.gov 15
National Aeronautics and Space Administration 14. Change Introduces New Forms of Failure • A low rate of accidents may encourage changes. • Changes create opportunities for new failure modes. • New technologies introduce new failure pathways. • Because failures are low rate, multiple system changes may occur before an accident, making it hard to understand the contribution of the new technology. www.nasa.gov 16
National Aeronautics and Space Administration 15. Views of “Cause” Limit the Effectiveness of Defenses Against Future Events • Post-accident remedies for “human error” are usually predicated on obstructing activities that “cause” accidents. • These measure do little to reduce the likelihood of further accidents. • Identical accidents are very low because the pattern of latent failures changes constantly. • Post-accident remedies usually increase the coupling and complexity of the system. www.nasa.gov 17
National Aeronautics and Space Administration 16. Safety is a Characteristic of Systems and not their Components • Safety is an emergent property. • It does not reside in any one person, device, or department with the organization. • The state of safety is always dynamic. • The whole is greater than the sum of the parts. www.nasa.gov 18
National Aeronautics and Space Administration 17. People Continuously Create Safety • Failure free operations are the result of activities of people who work to keep the system within the boundaries of tolerable performance. • These activities are part of normal operations. • Because system operations are never trouble free, operators adapt to changing conditions. • Operators are creating safety from moment to moment. • Safety is at the mercy of the operators perception of the situation. www.nasa.gov 19
National Aeronautics and Space Administration 18. Failure Free Operations Require Experience with Failure • Recognizing hazards and successfully manipulating system operations requires intimate contact with failure. • Operators must be able to see the “edge of the envelope.” • Improved safety depends on providing operators with calibrated views of the hazards. • Training allows errors to be experienced in a controlled environment. www.nasa.gov 20

Empfohlen

Schaible.dawn
Schaible.dawnSchaible.dawn
Schaible.dawnNASAPMC
 
Odum.t.averbeck.r
Odum.t.averbeck.rOdum.t.averbeck.r
Odum.t.averbeck.rNASAPMC
 
Dittemore.gary
Dittemore.garyDittemore.gary
Dittemore.garyNASAPMC
 
Seftas.george
Seftas.georgeSeftas.george
Seftas.georgeNASAPMC
 
Otero.s.mongan.p
Otero.s.mongan.pOtero.s.mongan.p
Otero.s.mongan.pNASAPMC
 
Kirsch.mike
Kirsch.mikeKirsch.mike
Kirsch.mikeNASAPMC
 
Saltzman.john
Saltzman.johnSaltzman.john
Saltzman.johnNASAPMC
 
Smith.marshall.bryant
Smith.marshall.bryantSmith.marshall.bryant
Smith.marshall.bryantNASAPMC
 

Empfohlen

Schaible.dawn
Schaible.dawnSchaible.dawn
Schaible.dawnNASAPMC
 
Odum.t.averbeck.r
Odum.t.averbeck.rOdum.t.averbeck.r
Odum.t.averbeck.rNASAPMC
 
Dittemore.gary
Dittemore.garyDittemore.gary
Dittemore.garyNASAPMC
 
Seftas.george
Seftas.georgeSeftas.george
Seftas.georgeNASAPMC
 
Otero.s.mongan.p
Otero.s.mongan.pOtero.s.mongan.p
Otero.s.mongan.pNASAPMC
 
Kirsch.mike
Kirsch.mikeKirsch.mike
Kirsch.mikeNASAPMC
 
Saltzman.john
Saltzman.johnSaltzman.john
Saltzman.johnNASAPMC
 
Smith.marshall.bryant
Smith.marshall.bryantSmith.marshall.bryant
Smith.marshall.bryantNASAPMC
 
Gaydar.michael
Gaydar.michaelGaydar.michael
Gaydar.michaelNASAPMC
 
Barth simpkins
Barth simpkinsBarth simpkins
Barth simpkinsNASAPMC
 
Ryschk wow
Ryschk wowRyschk wow
Ryschk wowNASAPMC
 
Dezfuli.homayoon
Dezfuli.homayoonDezfuli.homayoon
Dezfuli.homayoonNASAPMC
 
John.marinaro
John.marinaroJohn.marinaro
John.marinaroNASAPMC
 
Turner.john
Turner.johnTurner.john
Turner.johnNASAPMC
 
Art c
Art cArt c
Art cNASAPMC
 
Stambolianv2
Stambolianv2Stambolianv2
Stambolianv2NASAPMC
 
Love.john
Love.johnLove.john
Love.johnNASAPMC
 
Ross.howard
Ross.howardRoss.howard
Ross.howardNASAPMC
 
Las Failure
Las FailureLas Failure
Las Failureguestc990b6
 
Neil.dennehy
Neil.dennehyNeil.dennehy
Neil.dennehyNASAPMC
 
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...guestc990b6
 
London Ambulance Problems
London Ambulance ProblemsLondon Ambulance Problems
London Ambulance ProblemsKennyBHS
 
Polaris H4D Stanford 2018
Polaris H4D Stanford 2018Polaris H4D Stanford 2018
Polaris H4D Stanford 2018Stanford University
 
Why RCM Doesn't Work?
Why RCM Doesn't Work?Why RCM Doesn't Work?
Why RCM Doesn't Work?Ricky Smith CMRP, CMRT
 
Time Flies H4D 2020 Lessons Learned
Time Flies H4D 2020 Lessons LearnedTime Flies H4D 2020 Lessons Learned
Time Flies H4D 2020 Lessons LearnedStanford University
 
Learn 2 Win H4D Stanford 2019
Learn 2 Win H4D Stanford 2019Learn 2 Win H4D Stanford 2019
Learn 2 Win H4D Stanford 2019Stanford University
 
Chuan weihoo_IISF2011
Chuan weihoo_IISF2011Chuan weihoo_IISF2011
Chuan weihoo_IISF2011Directorate of Information Security | Ditjen Aptika
 
Anthro Energy H4D 2020 lessons learned
Anthro Energy H4D 2020 lessons learnedAnthro Energy H4D 2020 lessons learned
Anthro Energy H4D 2020 lessons learnedStanford University
 
1.2.1 Lesson 6 - risk assessment part 2
1.2.1 Lesson 6 - risk assessment part 21.2.1 Lesson 6 - risk assessment part 2
1.2.1 Lesson 6 - risk assessment part 2Myton School PE Dept
 
Homayoon.dezfuli
Homayoon.dezfuliHomayoon.dezfuli
Homayoon.dezfuliNASAPMC
 

Weitere ähnliche Inhalte

Was ist angesagt?

Gaydar.michael
Gaydar.michaelGaydar.michael
Gaydar.michaelNASAPMC
 
Barth simpkins
Barth simpkinsBarth simpkins
Barth simpkinsNASAPMC
 
Ryschk wow
Ryschk wowRyschk wow
Ryschk wowNASAPMC
 
Dezfuli.homayoon
Dezfuli.homayoonDezfuli.homayoon
Dezfuli.homayoonNASAPMC
 
John.marinaro
John.marinaroJohn.marinaro
John.marinaroNASAPMC
 
Turner.john
Turner.johnTurner.john
Turner.johnNASAPMC
 
Stambolianv2
Stambolianv2Stambolianv2
Stambolianv2NASAPMC
 
Love.john
Love.johnLove.john
Love.johnNASAPMC
 
Ross.howard
Ross.howardRoss.howard
Ross.howardNASAPMC
 
Neil.dennehy
Neil.dennehyNeil.dennehy
Neil.dennehyNASAPMC
 
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...guestc990b6
 
London Ambulance Problems
London Ambulance ProblemsLondon Ambulance Problems
London Ambulance ProblemsKennyBHS
 
Time Flies H4D 2020 Lessons Learned
Time Flies H4D 2020 Lessons LearnedTime Flies H4D 2020 Lessons Learned
Time Flies H4D 2020 Lessons LearnedStanford University
 
Anthro Energy H4D 2020 lessons learned
Anthro Energy H4D 2020 lessons learnedAnthro Energy H4D 2020 lessons learned
Anthro Energy H4D 2020 lessons learnedStanford University
 

Was ist angesagt? (20)

Gaydar.michael
Gaydar.michaelGaydar.michael
Gaydar.michael
 
Barth simpkins
Barth simpkinsBarth simpkins
Barth simpkins
 
Ryschk wow
Ryschk wowRyschk wow
Ryschk wow
 
Dezfuli.homayoon
Dezfuli.homayoonDezfuli.homayoon
Dezfuli.homayoon
 
John.marinaro
John.marinaroJohn.marinaro
John.marinaro
 
Turner.john
Turner.johnTurner.john
Turner.john
 
Art c
Art cArt c
Art c
 
Stambolianv2
Stambolianv2Stambolianv2
Stambolianv2
 
Love.john
Love.johnLove.john
Love.john
 
Ross.howard
Ross.howardRoss.howard
Ross.howard
 
Las Failure
Las FailureLas Failure
Las Failure
 
Neil.dennehy
Neil.dennehyNeil.dennehy
Neil.dennehy
 
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...
Lascas Failure Learn A Big Lession From The Most Terrible Problems In The W...
 
London Ambulance Problems
London Ambulance ProblemsLondon Ambulance Problems
London Ambulance Problems
 
Polaris H4D Stanford 2018
Polaris H4D Stanford 2018Polaris H4D Stanford 2018
Polaris H4D Stanford 2018
 
Why RCM Doesn't Work?
Why RCM Doesn't Work?Why RCM Doesn't Work?
Why RCM Doesn't Work?
 
Time Flies H4D 2020 Lessons Learned
Time Flies H4D 2020 Lessons LearnedTime Flies H4D 2020 Lessons Learned
Time Flies H4D 2020 Lessons Learned
 
Learn 2 Win H4D Stanford 2019
Learn 2 Win H4D Stanford 2019Learn 2 Win H4D Stanford 2019
Learn 2 Win H4D Stanford 2019
 
Chuan weihoo_IISF2011
Chuan weihoo_IISF2011Chuan weihoo_IISF2011
Chuan weihoo_IISF2011
 
Anthro Energy H4D 2020 lessons learned
Anthro Energy H4D 2020 lessons learnedAnthro Energy H4D 2020 lessons learned
Anthro Energy H4D 2020 lessons learned
 

Andere mochten auch

1.2.1 Lesson 6 - risk assessment part 2
1.2.1 Lesson 6 - risk assessment part 21.2.1 Lesson 6 - risk assessment part 2
1.2.1 Lesson 6 - risk assessment part 2Myton School PE Dept
 
Homayoon.dezfuli
Homayoon.dezfuliHomayoon.dezfuli
Homayoon.dezfuliNASAPMC
 
Risk Matrix, Definition, Theory and Practice (B - Exercise) / DRM Series / Bi...
Risk Matrix, Definition, Theory and Practice (B - Exercise) / DRM Series / Bi...Risk Matrix, Definition, Theory and Practice (B - Exercise) / DRM Series / Bi...
Risk Matrix, Definition, Theory and Practice (B - Exercise) / DRM Series / Bi...Bijan Yavar
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixRisk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixEtQ, Inc.
 
Enterprise Risk Management Erm
Enterprise Risk Management ErmEnterprise Risk Management Erm
Enterprise Risk Management ErmNexus Aid
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30timmcguinness
 
Basic model of strategic management
Basic model of strategic managementBasic model of strategic management
Basic model of strategic managementAlvin Niere
 
Risk assessment presentation
Risk assessment presentationRisk assessment presentation
Risk assessment presentationmmagario
 
Strategic Management models and diagrams
Strategic Management models and diagramsStrategic Management models and diagrams
Strategic Management models and diagramshttp://www.drawpack.com
 
OHSAS Hazard identification & Risk assessment
OHSAS Hazard identification & Risk assessmentOHSAS Hazard identification & Risk assessment
OHSAS Hazard identification & Risk assessmentTechnoSysCon
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk AssessmentSteve Bishop
 

Andere mochten auch (13)

1.2.1 Lesson 6 - risk assessment part 2
1.2.1 Lesson 6 - risk assessment part 21.2.1 Lesson 6 - risk assessment part 2
1.2.1 Lesson 6 - risk assessment part 2
 
Homayoon.dezfuli
Homayoon.dezfuliHomayoon.dezfuli
Homayoon.dezfuli
 
Types of innovation matrix diagram
Types of innovation matrix diagramTypes of innovation matrix diagram
Types of innovation matrix diagram
 
Risk Matrix, Definition, Theory and Practice (B - Exercise) / DRM Series / Bi...
Risk Matrix, Definition, Theory and Practice (B - Exercise) / DRM Series / Bi...Risk Matrix, Definition, Theory and Practice (B - Exercise) / DRM Series / Bi...
Risk Matrix, Definition, Theory and Practice (B - Exercise) / DRM Series / Bi...
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentation
 
Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk MatrixRisk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk Matrix
 
Enterprise Risk Management Erm
Enterprise Risk Management ErmEnterprise Risk Management Erm
Enterprise Risk Management Erm
 
Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30Risk Assessment Process NIST 800-30
Risk Assessment Process NIST 800-30
 
Basic model of strategic management
Basic model of strategic managementBasic model of strategic management
Basic model of strategic management
 
Risk assessment presentation
Risk assessment presentationRisk assessment presentation
Risk assessment presentation
 
Strategic Management models and diagrams
Strategic Management models and diagramsStrategic Management models and diagrams
Strategic Management models and diagrams
 
OHSAS Hazard identification & Risk assessment
OHSAS Hazard identification & Risk assessmentOHSAS Hazard identification & Risk assessment
OHSAS Hazard identification & Risk assessment
 
Powerpoint Risk Assessment
Powerpoint Risk AssessmentPowerpoint Risk Assessment
Powerpoint Risk Assessment
 

Ähnlich wie Fuller.david

Organizational Failure (LSCITS EngD 2012)
Organizational Failure (LSCITS EngD 2012)Organizational Failure (LSCITS EngD 2012)
Organizational Failure (LSCITS EngD 2012)Ian Sommerville
 
Aviation 2014 Transformation Flight Special Session on Autonomy: Autonomy for...
Aviation 2014 Transformation Flight Special Session on Autonomy: Autonomy for...Aviation 2014 Transformation Flight Special Session on Autonomy: Autonomy for...
Aviation 2014 Transformation Flight Special Session on Autonomy: Autonomy for...AutonomyIncubator
 
CS5032 Lecture 13: organisations and failure
CS5032 Lecture 13: organisations and failureCS5032 Lecture 13: organisations and failure
CS5032 Lecture 13: organisations and failureJohn Rooksby
 
Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?
Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?
Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?TechWell
 
Flight Safety Part3
Flight Safety Part3Flight Safety Part3
Flight Safety Part3gaorge1980
 
American Bar Assoc. ISC 2009
American Bar Assoc. ISC 2009American Bar Assoc. ISC 2009
American Bar Assoc. ISC 2009infracritical
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systemsAlan Tatourian
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012presNASAPMC
 
Performance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability LawPerformance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability LawKevin Brockhoff
 
Safety and security in distributed systems
Safety and security in distributed systemsSafety and security in distributed systems
Safety and security in distributed systemsEinar Landre
 
Safety and security in distributed systems
Safety and security in distributed systems Safety and security in distributed systems
Safety and security in distributed systems Einar Landre
 
DARWIN Webinar 'The sharp end' by Anders Ellerstrand
DARWIN Webinar 'The sharp end' by Anders EllerstrandDARWIN Webinar 'The sharp end' by Anders Ellerstrand
DARWIN Webinar 'The sharp end' by Anders EllerstrandPeter O'Leary
 
How complex systems fail
How complex systems failHow complex systems fail
How complex systems failJisc
 
CS5032 Lecture 6: Human Error 2
CS5032 Lecture 6: Human Error 2CS5032 Lecture 6: Human Error 2
CS5032 Lecture 6: Human Error 2John Rooksby
 
All For The Want of a Horseshoe Nail - An Examination of Causality in DoDAF
All For The Want of a Horseshoe Nail - An Examination of Causality in DoDAFAll For The Want of a Horseshoe Nail - An Examination of Causality in DoDAF
All For The Want of a Horseshoe Nail - An Examination of Causality in DoDAFINCOSE Colorado Front Range Chapter
 
Disaster Recovery & Business Continuity Overview
Disaster Recovery & Business Continuity Overview Disaster Recovery & Business Continuity Overview
Disaster Recovery & Business Continuity Overview Aventis Systems, Inc.
 
Harry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get WorseHarry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get Worsecentralohioissa
 

Ähnlich wie Fuller.david (20)

How Complex Systems Fail
How Complex Systems FailHow Complex Systems Fail
How Complex Systems Fail
 
Organizational Failure (LSCITS EngD 2012)
Organizational Failure (LSCITS EngD 2012)Organizational Failure (LSCITS EngD 2012)
Organizational Failure (LSCITS EngD 2012)
 
Aviation 2014 Transformation Flight Special Session on Autonomy: Autonomy for...
Aviation 2014 Transformation Flight Special Session on Autonomy: Autonomy for...Aviation 2014 Transformation Flight Special Session on Autonomy: Autonomy for...
Aviation 2014 Transformation Flight Special Session on Autonomy: Autonomy for...
 
Topic 3 swiss cheese model
Topic 3 swiss cheese modelTopic 3 swiss cheese model
Topic 3 swiss cheese model
 
CS5032 Lecture 13: organisations and failure
CS5032 Lecture 13: organisations and failureCS5032 Lecture 13: organisations and failure
CS5032 Lecture 13: organisations and failure
 
Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?
Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?
Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?
 
Flight Safety Part3
Flight Safety Part3Flight Safety Part3
Flight Safety Part3
 
American Bar Assoc. ISC 2009
American Bar Assoc. ISC 2009American Bar Assoc. ISC 2009
American Bar Assoc. ISC 2009
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systems
 
Cloud malfunction up11
Cloud malfunction up11Cloud malfunction up11
Cloud malfunction up11
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012pres
 
Performance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability LawPerformance Testing in Production - Leveraging the Universal Scalability Law
Performance Testing in Production - Leveraging the Universal Scalability Law
 
Safety and security in distributed systems
Safety and security in distributed systemsSafety and security in distributed systems
Safety and security in distributed systems
 
Safety and security in distributed systems
Safety and security in distributed systems Safety and security in distributed systems
Safety and security in distributed systems
 
DARWIN Webinar 'The sharp end' by Anders Ellerstrand
DARWIN Webinar 'The sharp end' by Anders EllerstrandDARWIN Webinar 'The sharp end' by Anders Ellerstrand
DARWIN Webinar 'The sharp end' by Anders Ellerstrand
 
How complex systems fail
How complex systems failHow complex systems fail
How complex systems fail
 
CS5032 Lecture 6: Human Error 2
CS5032 Lecture 6: Human Error 2CS5032 Lecture 6: Human Error 2
CS5032 Lecture 6: Human Error 2
 
All For The Want of a Horseshoe Nail - An Examination of Causality in DoDAF
All For The Want of a Horseshoe Nail - An Examination of Causality in DoDAFAll For The Want of a Horseshoe Nail - An Examination of Causality in DoDAF
All For The Want of a Horseshoe Nail - An Examination of Causality in DoDAF
 
Disaster Recovery & Business Continuity Overview
Disaster Recovery & Business Continuity Overview Disaster Recovery & Business Continuity Overview
Disaster Recovery & Business Continuity Overview
 
Harry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get WorseHarry Regan - It's Never So Bad That It Can't Get Worse
Harry Regan - It's Never So Bad That It Can't Get Worse
 

Mehr von NASAPMC

Bejmuk bo
Bejmuk boBejmuk bo
Bejmuk boNASAPMC
 
Baniszewski john
Baniszewski johnBaniszewski john
Baniszewski johnNASAPMC
 
Yew manson
Yew mansonYew manson
Yew mansonNASAPMC
 
Wood frank
Wood frankWood frank
Wood frankNASAPMC
 
Wood frank
Wood frankWood frank
Wood frankNASAPMC
 
Wessen randi (cd)
Wessen randi (cd)Wessen randi (cd)
Wessen randi (cd)NASAPMC
 
Vellinga joe
Vellinga joeVellinga joe
Vellinga joeNASAPMC
 
Trahan stuart
Trahan stuartTrahan stuart
Trahan stuartNASAPMC
 
Stock gahm
Stock gahmStock gahm
Stock gahmNASAPMC
 
Snow lee
Snow leeSnow lee
Snow leeNASAPMC
 
Smalley sandra
Smalley sandraSmalley sandra
Smalley sandraNASAPMC
 
Seftas krage
Seftas krageSeftas krage
Seftas krageNASAPMC
 
Sampietro marco
Sampietro marcoSampietro marco
Sampietro marcoNASAPMC
 
Rudolphi mike
Rudolphi mikeRudolphi mike
Rudolphi mikeNASAPMC
 
Roberts karlene
Roberts karleneRoberts karlene
Roberts karleneNASAPMC
 
Rackley mike
Rackley mikeRackley mike
Rackley mikeNASAPMC
 
Paradis william
Paradis williamParadis william
Paradis williamNASAPMC
 
Osterkamp jeff
Osterkamp jeffOsterkamp jeff
Osterkamp jeffNASAPMC
 
O'keefe william
O'keefe williamO'keefe william
O'keefe williamNASAPMC
 
Muller ralf
Muller ralfMuller ralf
Muller ralfNASAPMC
 

Mehr von NASAPMC (20)

Bejmuk bo
Bejmuk boBejmuk bo
Bejmuk bo
 
Baniszewski john
Baniszewski johnBaniszewski john
Baniszewski john
 
Yew manson
Yew mansonYew manson
Yew manson
 
Wood frank
Wood frankWood frank
Wood frank
 
Wood frank
Wood frankWood frank
Wood frank
 
Wessen randi (cd)
Wessen randi (cd)Wessen randi (cd)
Wessen randi (cd)
 
Vellinga joe
Vellinga joeVellinga joe
Vellinga joe
 
Trahan stuart
Trahan stuartTrahan stuart
Trahan stuart
 
Stock gahm
Stock gahmStock gahm
Stock gahm
 
Snow lee
Snow leeSnow lee
Snow lee
 
Smalley sandra
Smalley sandraSmalley sandra
Smalley sandra
 
Seftas krage
Seftas krageSeftas krage
Seftas krage
 
Sampietro marco
Sampietro marcoSampietro marco
Sampietro marco
 
Rudolphi mike
Rudolphi mikeRudolphi mike
Rudolphi mike
 
Roberts karlene
Roberts karleneRoberts karlene
Roberts karlene
 
Rackley mike
Rackley mikeRackley mike
Rackley mike
 
Paradis william
Paradis williamParadis william
Paradis william
 
Osterkamp jeff
Osterkamp jeffOsterkamp jeff
Osterkamp jeff
 
O'keefe william
O'keefe williamO'keefe william
O'keefe william
 
Muller ralf
Muller ralfMuller ralf
Muller ralf
 

Kürzlich hochgeladen

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Kürzlich hochgeladen (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Fuller.david

  • 1. National Aeronautics and Space Administration How Complex Systems Fail David Fuller NASA Glenn Research Center www.nasa.gov 1
  • 2. National Aeronautics and Space Administration How Complex Systems Fail A Short Treatise by Richard Cook, MD • Written by Richard Cook, MD, Director of the Cognitive Technologies Laboratory at the University of Chicago • http://www.ctlab.org/documents/How%20Complex%2 0Systems%20Fail.pdf • 18 short paragraphs on complex systems that will help every project manager understand and reduce risk in their project www.nasa.gov 2
  • 3. National Aeronautics and Space Administration 1. Complex Systems are Intrinsically Hazardous Systems • Complex systems are found in transportation, healthcare, power generation, and space. • Because they are complex, they are inherently and unavoidably hazardous. • The defenses that are created against these hazards characterize these systems. www.nasa.gov 3
  • 4. National Aeronautics and Space Administration 2. Complex Systems are Heavily and Successfully Defended Against Failure • Multiple layers of defense against hazards in: – Machine – Human – Organizational – Institutional – Regulatory • These defenses keep operations away from accidents www.nasa.gov 4
  • 5. National Aeronautics and Space Administration 3. Catastrophe Requires Multiple Failures • Defenses are generally successful. • Catastrophic failures occur when small or disconnected failures come together. • Most initial failure trajectories are blocked by the systems safety components. • Trajectories that reach operational level are blocked by humans operating the system. www.nasa.gov 5
  • 6. National Aeronautics and Space Administration 4. Complex Systems Contain Changing Mixtures of Latent Failures • Multiple flaws are always present. • Individual flaws are considered minor factors because they are insufficient individually to cause failure. • Eradication of latent failures is limited by economic cost. • Difficult to foresee how these minor flaws might contribute to accidents. • Failures change constantly: – Changing technology – Changing work organization – Changing efforts to eradicate failures. www.nasa.gov 6
  • 7. National Aeronautics and Space Administration 5. Complex Systems Run in Degraded Mode • Complex systems run as broken systems. • Continues to function because it contains many redundancies. • Human operators learn to make it function. • System operations are dynamic: – Organization changes – Human behavior changes – Technology changes. www.nasa.gov 7
  • 8. National Aeronautics and Space Administration 6. Catastrophe is Always Just Around the Corner • Human operators are in close physical and temporal proximity to these potential failures. • Failure can occur at any time and any place. • It is impossible to eliminate this potential. • Potential for disaster is always present by the systems own nature. www.nasa.gov 8
  • 9. National Aeronautics and Space Administration 7. Post-Accident Attribution to a “Root Cause” is Fundamentally Wrong • There is never an isolated cause of an accident. • Many individual causes that join together to cause accidents. • Causes are many times not coupled. • Evaluations based on finding the “root cause” show a misunderstanding of the nature of accidents. • Insistence on a “root cause” reflects the social and cultural need to blame specific, localized forces for accidents. www.nasa.gov 9
  • 10. National Aeronautics and Space Administration 8. Hindsight Biases Post-Accident Assessments of Human Performance • Knowledge of the outcome makes the investigator unable to understand the human factors present at the time of accident. • Knowledge of the outcome poisons the ability of the investigator to recreate the views of the humans involved. • Hindsight bias remains the primary obstacle to accident investigation, especially when expert human performance is involved. www.nasa.gov 10
  • 11. National Aeronautics and Space Administration 9. Human Operators have Dual Roles: Producers and Defenders Against Failure • Operators work to produce the desired product and also work to forestall accidents. • Operators balance production against safety in a dynamic environment. • In times of no accidents, production is emphasized. • After accidents, the defensive role is emphasized. www.nasa.gov 11
  • 12. National Aeronautics and Space Administration 10. All Practitioner Actions are Gambles • All decisions are made in the face of uncertainty. • The degree of uncertainty changes from moment to moment. • The “gamble” appears clear after accidents (see 8 above). • Post hoc analysis of accidents regards these gambles as poor ones. • Successful outcomes are also the result of gambles, but are seen in a much more favorable light. www.nasa.gov 12
  • 13. National Aeronautics and Space Administration 11. Actions at the Sharp End Resolve All Ambiguity • Organizations are ambiguous about the relationship between: – Production – Efficient use of resources – Economy/costs of operations – Acceptable risk • All of this ambiguity is resolved moment by moment by the operators. www.nasa.gov 13
  • 14. National Aeronautics and Space Administration 12. Human Practitioners are the Adaptable Element of Complex Systems • Operators actively adapt the system to maximize production and minimize accidents. • These adaptations include: – Restructuring the system to reduce exposure of vulnerable parts to failure – Concentrating critical resources in areas of high demand – Providing pathways for retreat or recovery from faults – Establishing means for early detection of changed system performance. www.nasa.gov 14
  • 15. National Aeronautics and Space Administration 13. Human expertise in Complex Systems is Constantly Changing • Expertise changes as technology changes. • Experts are replaced (turnover). • Operators are being trained and skills refined. • The cognitive abilities of humans are variable from moment to moment. www.nasa.gov 15
  • 16. National Aeronautics and Space Administration 14. Change Introduces New Forms of Failure • A low rate of accidents may encourage changes. • Changes create opportunities for new failure modes. • New technologies introduce new failure pathways. • Because failures are low rate, multiple system changes may occur before an accident, making it hard to understand the contribution of the new technology. www.nasa.gov 16
  • 17. National Aeronautics and Space Administration 15. Views of “Cause” Limit the Effectiveness of Defenses Against Future Events • Post-accident remedies for “human error” are usually predicated on obstructing activities that “cause” accidents. • These measure do little to reduce the likelihood of further accidents. • Identical accidents are very low because the pattern of latent failures changes constantly. • Post-accident remedies usually increase the coupling and complexity of the system. www.nasa.gov 17
  • 18. National Aeronautics and Space Administration 16. Safety is a Characteristic of Systems and not their Components • Safety is an emergent property. • It does not reside in any one person, device, or department with the organization. • The state of safety is always dynamic. • The whole is greater than the sum of the parts. www.nasa.gov 18
  • 19. National Aeronautics and Space Administration 17. People Continuously Create Safety • Failure free operations are the result of activities of people who work to keep the system within the boundaries of tolerable performance. • These activities are part of normal operations. • Because system operations are never trouble free, operators adapt to changing conditions. • Operators are creating safety from moment to moment. • Safety is at the mercy of the operators perception of the situation. www.nasa.gov 19
  • 20. National Aeronautics and Space Administration 18. Failure Free Operations Require Experience with Failure • Recognizing hazards and successfully manipulating system operations requires intimate contact with failure. • Operators must be able to see the “edge of the envelope.” • Improved safety depends on providing operators with calibrated views of the hazards. • Training allows errors to be experienced in a controlled environment. www.nasa.gov 20